By Tomer Bitton, security researcher, Imperva
PDFs are widely used business file format, which makes them a common target for malware attacks. Because PDFs have so many "features," hackers have learned how to hide attacks deep under thecheap software surface. By using a number of utilities, we are able to reverse engineer the techniques in malicious PDFs, providing insight that we can ultimately use to better protect our systems. We'll take you through the process that a hacker uses to insert a piece of malware into a sample PDF.
PDF1.jpg
By opening the PDF file with a text editor it is possible to see that there are some encrypted objects. The first circle, object 11, is a command to execute Javascript in object 12. The second and third circles, are a command for object 12 to filter the Javascript with AsciiHexDecode. The main reason for this filter is to hide malicious code inside the PDF and avoid buy cheap software anti-virus detection. This is our first red flag.
pdf2.jpg
This second image shows how the stream is decoded, but additional analysis is required to make sense of it. Again, we will open this code with a text editor to understand its purpose.
PDF3a.jpg
Opening this code as text, can see some Javascript, which is another red flag. We will now work to determine its intent.
PDF4.jpg
By using a utility called Malzilla, we can analyze the Javascript. We input the Javascript in the top box and decode it with the circled button. A closer look at the second circle indicates that this Javascript contains shellcode, yet another red flag.
PDF5.jpg
This is a closer view of the shellcode. Shellcode is typically more used to exploit vulnerabilities while avoiding detection. Shellcode has earned its name for launching a command shell for the attacker to control.
PDF6.jpg
Again, we run a utility, this time to convert the shellcode into an Executable file, which we save, so that we can take an even closer look at its function.
PDF7.jpg
Here, we run yet another utility, IDA, which enables us to disassemble and debug the commands of the Executable file. As we have highlighted, this file contains multiple Nop slide functions, which are used in Shellcode attacks since the location of the Shellcode is not precisely known. This raises another red flag. From here, we should see if there are any interesting binary strings.
PDF8.jpg
Here we have circled multiple binary strings that should raise cheap softwareconcern. One of the circled items, URLDownloadToFileA, is a Windows API function to download a file from a remote server and to save it on the user's PC. In this infected PDF, the shellcode uses it to point the PC to an infection point, which is the IP address we have circled (by the way, don't visit that IP address). Once the infected file is downloaded, the shellcode will execute it, infecting the computer.
There you have it! You have to go deeper to find what is truly buy cheap softwareat the heart of this infected PDF. Hackers are intelligent about wrapping executable files in shellcode, encrypting it and hiding it in Javascript within PDF files, but by reverse engineering their techniques, we gain a better understanding of our vulnerabilities and can work to strengthen your security posture.
sbqcow
buy cheap software
sbqcow
buy cheap software
Lundi 6 juin 2011 à 12:00
Lundi 6 juin 2011 à 11:57
Last week I attended the e-G8 in Paris, France. I arrived with many questions as to the eventual value of the event, some of which I shared in a previous post. Beyond that post my cynicism had grown somewhat, as frankly I was concerned that the event was going to amount to little more than thinly veiled theater intended to push a predetermined agenda at the G8 Summit.cheap software I was right to be concerned because it appears this is exactly what it was.
While the event itself was of the highest quality - held in the Jardin des Tuileries near the Musée du Louvre with great food and wines at each break - it was not the "discussion" it was positioned as in the run-up to the event. Very little time was allocated for attendees to engage in a dialog with the speakers and it lacked any semblance of a workshop or forum.buy cheap softwareThe draft statement from the e-G8 Forum to the G8 Summit appears to have been authored in advance of the completion of the e-G8. Throughout the event, statements discussed on stage would be flashed as summary bullets. These statements often ran counter to the opinions and statements of many in attendance and were more a reflection of the views of large telcos and media conglomerates.
This left the small, but very vocal faction of Internet entrepreneurs, academicians and bloggers scratching their head. It was within this group that I found the most substantive conversations taking place. These discussions often had divergent opinions and views from those being represented on stage. It was this vocal minority that were actively pushing the message of an open Internet at every opportunity.
"The future of the Internet is not here, it wasn't invited," Lawrence Lessig
Mark Elliot Zuckerberg (Facebook) et Maurice Lévy (Publicis Group) lors du e-G8 à ParisMark Elliot Zuckerberg (Facebook) et Maurice Lévy (Publicis Group) lors du e-G8 à Paris. Photo: Arash Derambarsh
The message of an open and free Internet was interjected into the conversation by the likes of John Perry Barlow, Jérémie Zimmermann, Jeff Jarvis, Susan Crawford, Lawrence Lessig and Yochai Benkler. Watching the reactions to their opinions was almost as informative as the opinions themselves. A point made by Jarvis - when questioning French president Nicolas Sarkozy regarding a perception by some governments that the Internet is an "eight continent" to be conquered, governed and taxed - was met with Sarkozy's comment, "Yes, I like this concept of an eighth continent." This exchange between Jarvis and Sarkozy perfectly exemplified the ignorance of policy makers.
I do not think they have bad intentions. It is simply that they've heard the views of special interests like Hollywood, big media and the telcos. Thanks to the Internet, the distributors of media are increasingly irrelevant because the creators of content can connect directly with their customers, without the need for a middle man - in this case the media companies. Media distributors are natural allies to the telcos and make no pretense about their desire to reshape the Internet in their vision. A vision that consists of a centrally controlled, tiered and taxed model that would resemble broadcast mediums of old.
Previously, I asked if the e-G8 would bring solutions or cynicism. moreI think it's wise to assume cynicism. However, I want to make it clear that this was indeed an important and historic event. I believe the organizers put on an excellent event with the best intentions. There were many who were invited that did not fit the mold of giant telco or big media corporation. Furthermore, I was shocked to learn they pulled off this massive undertaking in just over two months. Remarkable.
Imprompu eG8 press conference with Larry Lessig, Susan Crawford & others Impromptu eG8 press conference with Larry Lessig, Susan Crawford & others. Photo: Divergence
My advice to the organizers are as follows: Organize this event every year. Do it in conjunction with the G20, though. Also, increase the diversity of attendees, but try to do so without increasing the numbers of attendees.cheap software It will be OK if you bump some of those media and publishing industry executives. No one will miss them in a few years anyway. Finally, be creative in how you get feedback from attendees and even non-attendees. There are a variety of ways to provide a ladder of engagement both in and outside the event to facilitate dialog.
When Given a Theater, Make It Your Stage
An event like this has to be viewed as a stage. A stage is buy cheap softwarewhat you make of it and many of those in attendance did a great job getting their message of an open and free Internet and intellectual property reform disseminated. Almost all the press coverage of the event was affected by this message. Moreover, a wealth of videos, articles, blog posts and new relationships were forged to strengthen the call for an open Internet as a result of the e-G8.
While the event itself was of the highest quality - held in the Jardin des Tuileries near the Musée du Louvre with great food and wines at each break - it was not the "discussion" it was positioned as in the run-up to the event. Very little time was allocated for attendees to engage in a dialog with the speakers and it lacked any semblance of a workshop or forum.buy cheap softwareThe draft statement from the e-G8 Forum to the G8 Summit appears to have been authored in advance of the completion of the e-G8. Throughout the event, statements discussed on stage would be flashed as summary bullets. These statements often ran counter to the opinions and statements of many in attendance and were more a reflection of the views of large telcos and media conglomerates.
This left the small, but very vocal faction of Internet entrepreneurs, academicians and bloggers scratching their head. It was within this group that I found the most substantive conversations taking place. These discussions often had divergent opinions and views from those being represented on stage. It was this vocal minority that were actively pushing the message of an open Internet at every opportunity.
"The future of the Internet is not here, it wasn't invited," Lawrence Lessig
Mark Elliot Zuckerberg (Facebook) et Maurice Lévy (Publicis Group) lors du e-G8 à ParisMark Elliot Zuckerberg (Facebook) et Maurice Lévy (Publicis Group) lors du e-G8 à Paris. Photo: Arash Derambarsh
The message of an open and free Internet was interjected into the conversation by the likes of John Perry Barlow, Jérémie Zimmermann, Jeff Jarvis, Susan Crawford, Lawrence Lessig and Yochai Benkler. Watching the reactions to their opinions was almost as informative as the opinions themselves. A point made by Jarvis - when questioning French president Nicolas Sarkozy regarding a perception by some governments that the Internet is an "eight continent" to be conquered, governed and taxed - was met with Sarkozy's comment, "Yes, I like this concept of an eighth continent." This exchange between Jarvis and Sarkozy perfectly exemplified the ignorance of policy makers.
I do not think they have bad intentions. It is simply that they've heard the views of special interests like Hollywood, big media and the telcos. Thanks to the Internet, the distributors of media are increasingly irrelevant because the creators of content can connect directly with their customers, without the need for a middle man - in this case the media companies. Media distributors are natural allies to the telcos and make no pretense about their desire to reshape the Internet in their vision. A vision that consists of a centrally controlled, tiered and taxed model that would resemble broadcast mediums of old.
Previously, I asked if the e-G8 would bring solutions or cynicism. moreI think it's wise to assume cynicism. However, I want to make it clear that this was indeed an important and historic event. I believe the organizers put on an excellent event with the best intentions. There were many who were invited that did not fit the mold of giant telco or big media corporation. Furthermore, I was shocked to learn they pulled off this massive undertaking in just over two months. Remarkable.
Imprompu eG8 press conference with Larry Lessig, Susan Crawford & others Impromptu eG8 press conference with Larry Lessig, Susan Crawford & others. Photo: Divergence
My advice to the organizers are as follows: Organize this event every year. Do it in conjunction with the G20, though. Also, increase the diversity of attendees, but try to do so without increasing the numbers of attendees.cheap software It will be OK if you bump some of those media and publishing industry executives. No one will miss them in a few years anyway. Finally, be creative in how you get feedback from attendees and even non-attendees. There are a variety of ways to provide a ladder of engagement both in and outside the event to facilitate dialog.
When Given a Theater, Make It Your Stage
An event like this has to be viewed as a stage. A stage is buy cheap softwarewhat you make of it and many of those in attendance did a great job getting their message of an open and free Internet and intellectual property reform disseminated. Almost all the press coverage of the event was affected by this message. Moreover, a wealth of videos, articles, blog posts and new relationships were forged to strengthen the call for an open Internet as a result of the e-G8.
Lundi 6 juin 2011 à 11:56
We know that Twitter has been growing astronomically. At the same time, Twitter is still an emerging service, growing beyond from its early adopter base to the Internet as a whole. Pew Research reports that from November cheap software 2010 to May 2011 overall Twitter use grew 5% and U.S. adult Internet users jumped from 8% to 13%.
Pew says that 95% of all Twitter users own a mobile phone and 54% of those users access Twitter via mobile. Black (25%) and Hispanic (19%) people tend to use Twitter more than white people (9%). Twitter use has seen a rise in all age demographics. The biggest jump has come in the 25- to 34-year-old age bracket, up 10% with 19% of people in that group now using buy cheap softwareTwitter.In the November survey, the most likely age bracket to use Twitter was the 18 to 24 bracket, which comprised 16% of total users. That massive bump in users between 25 and 34 unseated the youngsters (18%) as the most likely to use the service. That could portend well for Twitter's attempts to build an ad service on top of the platform as the 25 to 34 age group is one of the most influential when it comes to marketers moreand purchasing trends. Use by 35 to 44 year olds grew from 8% to 14%.
Pew_Twitter Age Brackets.jpg
More men (14%) use Twitter than women (11%). Users tend to be college educated (16%) and urban (15%) or suburban (14%). Use was spread across income brackets with 12% to 15% in each group from less than $30,000 to $75,000 plus.
Pew_Twitter by Race.jpg
The report asks an interesting question: "Twitter, have you ever done this?" That is where 13% reported the affirmative. Yet, the answer to the question "did you use Twitter yesterday?" produces much lower results, buy cheap software with 4% of users saying that the did. That is double the amount of Internet users (2%) who said they "used Twitter yesterday" in November 2010.
That stat speaks to Twitter's well-known problem with user retention.cheap softwareWhether there are 200 million or 300 million accounts is not relevant, but how many people actually use the service.
The study was a national U.S. survey of 2,277 adults age 18 and up done via telephone between April 22 and May 26, 2011. The margin of error is 3.7%.
Pew says that 95% of all Twitter users own a mobile phone and 54% of those users access Twitter via mobile. Black (25%) and Hispanic (19%) people tend to use Twitter more than white people (9%). Twitter use has seen a rise in all age demographics. The biggest jump has come in the 25- to 34-year-old age bracket, up 10% with 19% of people in that group now using buy cheap softwareTwitter.In the November survey, the most likely age bracket to use Twitter was the 18 to 24 bracket, which comprised 16% of total users. That massive bump in users between 25 and 34 unseated the youngsters (18%) as the most likely to use the service. That could portend well for Twitter's attempts to build an ad service on top of the platform as the 25 to 34 age group is one of the most influential when it comes to marketers moreand purchasing trends. Use by 35 to 44 year olds grew from 8% to 14%.
Pew_Twitter Age Brackets.jpg
More men (14%) use Twitter than women (11%). Users tend to be college educated (16%) and urban (15%) or suburban (14%). Use was spread across income brackets with 12% to 15% in each group from less than $30,000 to $75,000 plus.
Pew_Twitter by Race.jpg
The report asks an interesting question: "Twitter, have you ever done this?" That is where 13% reported the affirmative. Yet, the answer to the question "did you use Twitter yesterday?" produces much lower results, buy cheap software with 4% of users saying that the did. That is double the amount of Internet users (2%) who said they "used Twitter yesterday" in November 2010.
That stat speaks to Twitter's well-known problem with user retention.cheap softwareWhether there are 200 million or 300 million accounts is not relevant, but how many people actually use the service.
The study was a national U.S. survey of 2,277 adults age 18 and up done via telephone between April 22 and May 26, 2011. The margin of error is 3.7%.
Lundi 6 juin 2011 à 11:54
Real time search was one of last year's most-discussed tech trends and one of the leaders of that conversation was real-time social media search engine Collecta. Collecta worked directly with publishers to build an index of trusted multi-media content that it streamed live on its website and through its Application Programming Interface (API) on other sites. Twitter, WordPress and Flickr were three of its biggest sources.
Today Collecta.com gave up the ghost and is now a parked domain.cheap software The company made a strong go of it and but apparently despite having a unique and smart product, talent, money and attention - it just wasn't enough.It quickly became apparent that what the company had to offer wasn't something that enough people wanted to buy. Six months ago Collecta announced it was shutting down its API and moving in a different direction.
It doesn't look like that new direction everbuy cheap software emerged. Two months after that announcement, CEO Campbell left the company to resume his focus on tech investing, according to LinkedIn. And today the site went dark.
It's really a shame. Jared Smith, ReadWriteWeb's main man for all things technical and moredesign, says there's nothing quite like Collecta. "Collecta's emphasis on a search experience that went beyond Twitter into photos and videos made it a great tool to truly watch a story unfold in real time," he told me. "Their embeddable widget, which I used regularly on ReadWriteWeb's event sites, was far more powerful than what Twitter provided and is still unmatched in my mind."
Personally, I suspect that there is too small a market for real time searchcheap software in the consumer world. Tell a company that you'll search in real time for actionable information about itself, for example, and you could find some interest - but that's a feature not a product and is something that other companies already offer as B2B services.buy cheap software I don't think consumers are interested in real time search, though they are clearly interested in real time messaging and content delivery on sites they already use.
Neither Collecta, nor competitor OneRiot were able to build growing companies around filling this need. The next most likely may be Topsy, which raised another $15m of its now $30m in funding just this Spring. Real-time social stream service Echo appears to be thriving in a related market - that company says it serves up 40,000 real time media items per minute at peak to customers around the web.
Today Collecta.com gave up the ghost and is now a parked domain.cheap software The company made a strong go of it and but apparently despite having a unique and smart product, talent, money and attention - it just wasn't enough.It quickly became apparent that what the company had to offer wasn't something that enough people wanted to buy. Six months ago Collecta announced it was shutting down its API and moving in a different direction.
It doesn't look like that new direction everbuy cheap software emerged. Two months after that announcement, CEO Campbell left the company to resume his focus on tech investing, according to LinkedIn. And today the site went dark.
It's really a shame. Jared Smith, ReadWriteWeb's main man for all things technical and moredesign, says there's nothing quite like Collecta. "Collecta's emphasis on a search experience that went beyond Twitter into photos and videos made it a great tool to truly watch a story unfold in real time," he told me. "Their embeddable widget, which I used regularly on ReadWriteWeb's event sites, was far more powerful than what Twitter provided and is still unmatched in my mind."
Personally, I suspect that there is too small a market for real time searchcheap software in the consumer world. Tell a company that you'll search in real time for actionable information about itself, for example, and you could find some interest - but that's a feature not a product and is something that other companies already offer as B2B services.buy cheap software I don't think consumers are interested in real time search, though they are clearly interested in real time messaging and content delivery on sites they already use.
Neither Collecta, nor competitor OneRiot were able to build growing companies around filling this need. The next most likely may be Topsy, which raised another $15m of its now $30m in funding just this Spring. Real-time social stream service Echo appears to be thriving in a related market - that company says it serves up 40,000 real time media items per minute at peak to customers around the web.